	Fixed #10643: fixed the formtools security hash to handle allowed empty forms or forms without changed data.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@10753 bcc190cf-cafb-0310-a4f2-bffc1f526a37
		| @@ -110,16 +110,31 @@ class SecurityHashTests(unittest.TestCase): | |||||||
|         leading/trailing whitespace so as to be friendly to broken browsers that |         leading/trailing whitespace so as to be friendly to broken browsers that | ||||||
|         submit it (usually in textareas). |         submit it (usually in textareas). | ||||||
|         """ |         """ | ||||||
|         class TestForm(forms.Form): |         f1 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'}) | ||||||
|             name = forms.CharField() |         f2 = HashTestForm({'name': '  joe', 'bio': 'Nothing notable.  '}) | ||||||
|             bio = forms.CharField() |  | ||||||
|          |  | ||||||
|         f1 = TestForm({'name': 'joe', 'bio': 'Nothing notable.'}) |  | ||||||
|         f2 = TestForm({'name': '  joe', 'bio': 'Nothing notable.  '}) |  | ||||||
|         hash1 = utils.security_hash(None, f1) |         hash1 = utils.security_hash(None, f1) | ||||||
|         hash2 = utils.security_hash(None, f2) |         hash2 = utils.security_hash(None, f2) | ||||||
|         self.assertEqual(hash1, hash2) |         self.assertEqual(hash1, hash2) | ||||||
|          |          | ||||||
|  |     def test_empty_permitted(self): | ||||||
|  |         """ | ||||||
|  |         Regression test for #10643: the security hash should allow forms with | ||||||
|  |         empty_permitted = True, or forms where data has not changed. | ||||||
|  |         """ | ||||||
|  |         f1 = HashTestBlankForm({}) | ||||||
|  |         f2 = HashTestForm({}, empty_permitted=True) | ||||||
|  |         hash1 = utils.security_hash(None, f1) | ||||||
|  |         hash2 = utils.security_hash(None, f2) | ||||||
|  |         self.assertEqual(hash1, hash2) | ||||||
|  |  | ||||||
|  | class HashTestForm(forms.Form): | ||||||
|  |     name = forms.CharField() | ||||||
|  |     bio = forms.CharField() | ||||||
|  |  | ||||||
|  | class HashTestBlankForm(forms.Form): | ||||||
|  |     name = forms.CharField(required=False) | ||||||
|  |     bio = forms.CharField(required=False) | ||||||
|  |  | ||||||
| # | # | ||||||
| # FormWizard tests | # FormWizard tests | ||||||
| # | # | ||||||
|   | |||||||
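Review bot: test_empty_permitted only asserts that two empty forms produce the same hash, so it would still pass if security_hash stopped covering submitted data for empty_permitted forms. Since this hash exists to detect tampering between form stages, the test should also pin the negative case, for example `f3 = HashTestForm({'name': 'joe', 'bio': 'Nothing notable.'}, empty_permitted=True)` followed by `self.assertNotEqual(hash1, utils.security_hash(None, f3))`. That form should report has_changed() and so take the clean() branch, though this is inferred from the condition in the utils hunk rather than shown here. The docstring's "or forms where data has not changed" is also broader than what the two assertions exercise.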
| @@ -18,10 +18,16 @@ def security_hash(request, form, *args): | |||||||
|  |  | ||||||
|     data = [] |     data = [] | ||||||
|     for bf in form: |     for bf in form: | ||||||
|         value = bf.field.clean(bf.data) or '' |         # Get the value from the form data. If the form allows empty or hasn't | ||||||
|  |         # changed then don't call clean() to avoid trigger validation errors. | ||||||
|  |         if form.empty_permitted and not form.has_changed(): | ||||||
|  |             value = bf.data or '' | ||||||
|  |         else: | ||||||
|  |             value = bf.field.clean(bf.data) or '' | ||||||
|         if isinstance(value, basestring): |         if isinstance(value, basestring): | ||||||
|             value = value.strip() |             value = value.strip() | ||||||
|         data.append((bf.name, value)) |         data.append((bf.name, value)) | ||||||
|  |          | ||||||
|     data.extend(args) |     data.extend(args) | ||||||
|     data.append(settings.SECRET_KEY) |     data.append(settings.SECRET_KEY) | ||||||
|  |  | ||||||
|   | |||||||
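Review bot: The new comment in security_hash says clean() is skipped when the form "allows empty or hasn't changed", but the condition is `form.empty_permitted and not form.has_changed()`, so both must hold. The comment should say so and state that this branch hashes the raw submitted value, e.g. `# If the form permits being empty and its data is unchanged, hash the raw bf.data;` / `# calling clean() on an empty required field would raise ValidationError.` In that branch only strip() is applied, so any normalisation clean() would have done is not reflected in the hash. The else branch still calls clean() on whatever was submitted, so a validation error for changed but invalid data can still surface from here. The body of security_hash starts and ends outside this hunk.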